Security flaws surface in UK e-passport scheme

London, Aug.6 (ANI): Security flaws have emerged in new micro-chipped passports that were introduced to protect against terrorism and organised crime. In tests that The Times was privy to, Jeroen van Beek, a computer researcher at the University of Amsterdam, took less than an hour to clone the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports. Building on research from the UK, Germany and New Zealand, van Beek has developed a method of reading, cloning and altering microchips so that the Golden Reader, the standard software used by the International Civil Aviation Organisation to test them, accepts them as genuine. It is also the software recommended for use at airports. The micro-chipped passports contain a tiny radio frequency chip and antenna attached to the inside back page. A special electronic reader sends out an encrypted signal and the chip responds by sending back the holder’’s ID and biometric details. The tests suggest that if the microchips are vulnerable to cloning then bogus biometrics could be inserted in fake or blank passports. The flaws also undermine Home Office claims that the 3,000 blank passports that were stolen last week were worthless, as they could not be forged. The Home Office has always argued that faked chips can be spotted at border checkpoints because they would not match key codes when checked against an international database. But only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it. Britain is a member but will not use the directory before next year, says The Times. Some of the 45 countries, including Britain, swap codes manually, but criminals are in a position to use fake e-passports from countries that do not share key codes, which would then go undetected at passport control. Britain introduced e-passports in March 2006. In the wake of the September 11 attacks, the United States demanded that other countries adopt biometric passports. Many of the 9/11 bombers had travelled on fake passports. The tests raise serious questions about the Government’’s four billion pound identity card scheme, which relies on the same biometric technology. Dominic Grieve, the Shadow Home Secretary, has called on ministers to take urgent action to remedy the security flaws. (ANI)